Malware Clustering Analysis: Evaluating Training Data in the Malware Classification Process
DOI:
https://doi.org/10.31961/eltikom.v2i2.88
Keywords:
training data, classification, clustering, malware, system call
Abstract
Training data is one of the most important parts of the classification process, especially when the data is used to build a malware detection system. This study compares the training data produced by two previous studies. Both studies used Android malware data based on system call frequency, totalling 600 data records. The first study performed classification and produced 4 malware types, while the second study performed clustering and produced 8 clusters. The researchers evaluated the training data from each of the two studies to obtain the more accurate training data, using 50 test records and running the evaluation and experiments with the kNN algorithm. The results show that training data derived from clustering is the more recommended choice for the classification process. The Error Prediction result was 0.995 for the first study and 0.998 for the second study. With the cross validation method, the first study gave Recall: 0.665 and accuracy: 0.66, and the second study gave Recall: 0.893 and accuracy: 0.89. With the percentage split method, the first study gave Recall: 0.657 and accuracy: 0.65, and the second study gave Recall: 0.798 and accuracy: 0.79. Based on these tests, the clustering process using malware system call frequency data produces more accurate training data than training data produced using a malware naming site.
References
K. Millard and M. Richardson, "On the Importance of Training Data Sample Selection in Random Forest Image Classification: A Case Study in Peatland Ecosystem Mapping," Remote Sens, vol. 7, no. 7, pp. 8489-8515, 2015.
M. Dimjašević, S. Atzeni, Z. Rakamarić and I. Ugrina, "Evaluation Of Android Malware Detection Based on System Calls," in International Workshop on Security And Privacy Analytics. ACM, Salt Lake, 2016.
R. Canzanese, S. Mancoridis and M. Kam, "System Call-Based Detection of Malicious Processes," in IEEE, Vancouver, 2015.
R. Canzanese, S. Mancoridis and M. Kam, "Run-Time Classification of Malicious Processes Using System Call Analysis," in International Conference on Malicious and Unwanted Software (MALWARE), Fajardo, 2015.
S. Malik, "Android System Call Analysis for Malicious Application Detection," International Journal of Computer Sciences and Engineering, vol. 5, no. 11, pp. 105-108, 2017.
T. K. Barsiya, M. Gyanchandani and R. Wadhwani, "Android Malware Analysis: A Survey Paper," International Journal of Control, Automation, Communication and Systems (IJCACS), pp. 35-42, 2016.
M. Christodorescu, S. Jha, S. A. Seshia, D. Song and R. E. Bryant, "Semantics-aware malware detection," in IEEE Symposium on Security and Privacy, Oakland, 2005.
S. Pai, A Comparison of Clustering Techniques for Malware Analysis, San Jose: San Jose State University, 2015.
U. Bayer, P. M. Comparetti, C. Hlauschek, C. Kruegel and E. Kirda, "Scalable, Behavior-Based Malware Clustering," NDSS, pp. 8-25, 2009.
N. Idika and A. P. Mathur, A Survey of Malware Detection Techniques, West Lafayette: Purdue University, 2007.
E. Gandotra, D. Bansal and S. Sofa, "Malware Analysis and Classification: A Survey," Journal of Information Security, pp. 56-64, 2014.
S. Herlambang, S. Basuki, D. R. Akbi and Z. Sari, "Deteksi Malware Android Berdasarkan System Call Menggunakan Algoritma Support Vector Machine," in SENTRA, Malang, 2018.
D. R. Akbi and A. R. Rosyadi, "Klastering Android Malware Berdasarkan Frekuensi System Call Menggunakan K-Means," in SENTRA, Malang, 2018.
License
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work’s authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal’s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.